我试图添加MANAGER角色。具有MANAGER的用户必须能够创建其他用户。
我更新了AuthoritiesConstants.java,如下所示:
public final class AuthoritiesConstants {
public static final String ADMIN = "ROLE_ADMIN";
public static final String USER = "ROLE_USER";
public static final String ANONYMOUS = "ROLE_ANONYMOUS";
public static final String MANAGER = "ROLE_MANAGER";
private AuthoritiesConstants() {
}
}
我还更新了authority.csv:
name
ROLE_ADMIN
ROLE_USER
ROLE_MANAGER
我尝试更新UserResource.java,如下所示:
@PostMapping("/users")
@Timed
@Secured({AuthoritiesConstants.ADMIN,AuthoritiesConstants.MANAGER})
public ResponseEntity createUser(@Valid @RequestBody ManagedUserVM managedUserVM) throws URISyntaxException {
log.debug("REST request to save User : {}", managedUserVM);
}
和此:
@RestController
@RequestMapping("/api")
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class UserResource {
@PostMapping("/users")
@Timed
@PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_MANAGER')")
public ResponseEntity createUser(@Valid @RequestBody ManagedUserVM managedUserVM) throws URISyntaxException {
log.debug("REST request to save User : {}", managedUserVM);
//....
}
//....
}
我已登录角度界面并使用ROLE_MANAGER和ROLE_USER角色创建用户 toto 。我已更新html文件,以便具有ROLE_MANAGER的用户可以访问用户管理页面。
当用户提交用户创建表单时,后端响应状态为403(禁止)。
答案 0 :(得分:0)
我重现了您的问题并获得了访问被拒绝错误,但在浏览器控制台中却是/api/users/authorities。
因此,此修复包括授权ROLE_MANAGER角色访问UserResource.getAuthorities():
@GetMapping("/users/authorities")
@Timed
@Secured({AuthoritiesConstants.ADMIN, AuthoritiesConstants.MANAGER})
public List<String> getAuthorities() {
return userService.getAuthorities();
}